CVE-2010-0732 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0732): gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.
Gnome: We still have some older versions in the tree. Can they be removed? If not, what needs to be done first?
Stablereq already ongoing in bug #304777 afaik, I did some clean up of old ebuilds.
All affected gtk+ revisions have been removed from the tree.
GLSA Vote: yes.
GLSA request filed.
Fixed in 2.18.7, which was stabilized in bug #304777.
This issue was resolved and addressed in GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml by GLSA coordinator Sean Amoss (ackle).